With federal and local government agencies suffering the brunt of Anonymous protests, targeted phishing attacks leading to privilege escalation, and highly effective SQL injection attacks granting wide-scale access to information, citizen privacy definitely took a hit in 2012.

More than 3.3 million unencrypted bank account numbers and 3.8 million tax returns were stolen in a wide-ranging attack against the South Carolina Department of Revenue that all started through a state employee falling for a phishing attack that enabled hackers to leverage that employee's access rights to gain access to the government entity's systems and databases.

Lessons Learned: Database protection layers like database activity monitoring, not to mention other network detection measures, could have gone a long way toward minimizing the damage caused by the type of phishing attack that all organizations, public and private, face today.